Tag Archives: databreach

10Fold – Security Never Sleeps – 23

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: 3.3 million records have been stolen from the Hello Kitty fan database. The Justice Department has opened an investigation into the Uber database breach, which was reportedly carried out by Lyft’s technology chief. A security researcher has found that it is surprisingly easy to hack the United States power grid. Security company FireEye has identified that APT16 has been carrying out phishing attacks on unnamed media outlets.

Millions of Hello Kitty Fans’ Data Exposed By Database Hack – Publication: ZDNet – Reporter name: Zack Whittaker

A database used by Hello Kitty fans has reportedly been found online after servers were hit last month. As many as 3.3 million records are said to be in the database. It’s not immediately clear where the database was leaked to, or if the database can be verified for authenticity. The breach, first reported by CSO Online, was discovered by security researcher Chris Vickery. Records in the data cache include names, encoded but easily reversible birthdays, gender, security questions and answers, and unsalted passwords using the weak SHA1 algorithm.

Justice Department Opens Investigation Into Uber Data Breach – Publication: Time – Reporter name: Daniel White

The Department of Justice is investigating a data leak at Uber, including whether or not employees at rival Lyft had anything to do with the incident. Popular ride-hailing service Uber revealed earlier this year that data on as many as 50,000 of its drivers had been accessed without its consent in May 2014. A subsequent Uber investigation found that an Internet address possibly associated with the leak was traced to Lyft’s technology chief Chris Lambert, Reuters reported in October based on two anonymous sources.

U.S. Not Prepared To Defend Power Grid From Cyberattacks – Publication: Huffington Post – Reporter name: Garance Burke & Jonathan Fahey

Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into a larger nightmare: Cyberattackers had opened a pathway into the networks running the United States power grid. Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.” The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.

Taiwan Opposition Hacked As China’s Cyberspies Step Up Attacks – Publication: Bloomberg – Reporter name: Tim Culpan & David Tweed

An attack on the unnamed media outlets came in the form of phishing e-mails with the subject line “DPP’s Contact Information Update,” according to research by security company FireEye Inc., which identified a Chinese state-backed group called APT16 as carrying out attacks. Hackers also infiltrated e-mails of party staff, changing security protocols and writing messages spoofing the account holders in what may have been an attempt to deliver malicious code, according to one of the victims.

10Fold – Security Never Sleeps – 9

Big items to consider: Hilton has released a statement saying it has suffered a security breach that leaked customer financial information. The U.S. Air Force is looking into how classified data found its way into a report in Forbes magazine. Yet another root certificate has been found preinstalled on Dell machines shipped to customers; this certificate makes the computers easy prey for malicious attacks on public Wi-Fi networks. A Russian hacker who claims to have access to websites like Facebook and Twitter has recently been linked to the breach of 1.2 billion internet credentials.

Hilton Hotel Chain Reports Data Breach – Publication: Wall Street Journal – Reporter name: Craig Karmin

Hilton Worldwide Holdings Inc. on Tuesday said it suffered a security breach related to customer credit and debit card payments at its hotels, prompting the company to launch a global investigation to determine how far the breach had spread.

U.S. Air Force Looking Into Data Breach Related To Contract Protest: Sources – Publication: Reuters – Reporter name: Andrea Shalal

The U.S. Air Force is looking into how classified data about a competition for a next-generation U.S. bomber found its way into a report published by Forbes magazine, according to several sources familiar with the issue. Boeing Co and Lockheed Martin Corp this month filed a formal protest against the Air Force’s contract with Northrop Grumman Corp to develop the new long-range strike bomber, a deal worth up to $80 billion.

Dell In Hot Water Again As Second ‘Superfish’ Root Certificate Surfaces – Publication: ZDNet – Reporter name: Liam Tung

Dell customers have turned up a second root certificate installed on some Dell machines, which could make them easy prey for malicious attacks on public Wi-Fi networks. The second problematic root certificate is called DSDTestProvider. Its discovery follows yesterday’s removal by Dell of the dangerous eDellroot certificate from affected Dell PCs.

FBI Has Lead In Probe Of 1.2 Billion Stolen Web Credentials: Documents – Publication: Reuters – Reporter name: Nate Raymond

A hacker who once advertised having access to user account information for websites like Facebook (FB.O) and Twitter (TWTR.N) has been linked through a Russian email address to the theft of a record 1.2 billion Internet credentials, the FBI said in court documents. That hacker, known as “mr.grey,” was identified based on data from a cybersecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said. The papers, made public last week by a federal court in Milwaukee, Wisconsin, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen user names and passwords.

10Fold – Security Never Sleeps – 7

Big items to consider: Starwood hotels admits that a data breach has resulted in the theft of customers’ financial information. Victims of the Patreon site hack are now being targeted by hackers demanding bitcoin in exchange for not releasing their personal information to the dark web. Cybercriminals are ramping up to spread holiday malware. Apple’s CEO takes a stand on back doors to encrypted communication.

Starwood Hotels Falls Prey To Point-of-Sale Malware – Publication: ZDNet – Reporter name: Charlie Osborne

Starwood has admitted that a security breach taking place at 54 hotels has resulted in the theft of financial data from customers. Last week, the hotel chain admitted that a “limited number” of hotels in the US have become infected with malware, enabling cyberattackers to access financial data belonging to customers.

Extortion Attempt On Victims Of Patreon Site Hack – Publication: BBC – By BBC STAFF

Some members of the crowdfunding website Patreon, which was hacked last month, say they have received emails demanding bitcoin payments in return for the protection of their private data. The data listed in the email includes credit card details, social security numbers and tax identification numbers.

Tis The Season…Of Malware – Publication: CSO – Reporter name: Stu Sjouwerman

Cybercriminals have been preparing for another Black Friday/Cyber Monday. It’s a time for them to make big profits too. Last year’s scams will undoubtedly return and some new tricks will arise. Here are some of the top scams that CSOs should be preparing their company’s users to be aware of.

Apple’s CEO On Encryption: “You Can’t Have A Back Door That’s Only For The Good Guys” – Publication: Forbes – Reporter name: Steve Morgan

There’s a burning debate – bordering on a battle – between the U.S. government and technology companies over encryption. The government asserts that encryption – when it is so strong that the police cannot eavesdrop on communications in their efforts to catch and prosecute criminals – is a bad thing. Some government officials have even suggested that terrorists use encrypted communications to help carry out their acts of malice.